Different UDP and TCP ports?
Ivo Smits
Ivo at UFO-Net.nl
Tue May 2 19:10:47 CEST 2017
Tinc also does not seem to care much about the TCP port numbers. I have
had some success with both kernel (NAT) redirection and userspace (socat
or similar) forwarding of the TCP port used for meta connections. I use
this to accept VPN connections on TCP 443 in addition to the default
port. I think tinc will still use the configured port for UDP packets in
this case.
--
Ivo
On 2-5-2017 at 18:59, Peter Whisker wrote:
> It's down to corporate firewall rules I can't control. I've tried
> tricking it like you suggested but it didn't work. I guess iptables is
> the next port of call.
>
> It might be a useful addition to tinc.
>
> Thanks
> Peter
>
> On 2 May 2017 17:50, "Guus Sliepen" <guus at tinc-vpn.org> wrote:
>
> On Tue, May 02, 2017 at 05:40:40PM +0100, Peter Whisker wrote:
>
> > Is it possible to use different port numbers for UDP and TCP? I'd like to
> > open the TCP connection to one port on the remote server and stream the UDP
> > packets to a different port. I've tried specifying both as BindToAddress
> > and Address lines but it always just uses TCP.
>
> It's not directly supported by tinc, but maybe you can trick it to. Here
> are some pointers:
>
> You can have multiple BindToAddress lines. For outgoing UDP packets,
> tinc will *initially* use the first matching one for a given address
> family (IPv4 or IPv6).
>
> Other tinc nodes will *initially* try to send UDP packets to this node
> on the same port.
>
> However, to help NAT traversal, tinc will allow packets from different
> ports. If you really want to allow UDP packets on only one specific
> port, you might want to add firewall rules to block UDP packets from
> the other port(s), both incoming and outgoing.
>
> Since tinc does not care about the port, you might instead try to add
> NAT rules that change the source port of outgoing UDP packets to the
> desired one (and also the destination port of incoming UDP packets).
>
> But I wonder why you want to split this?
>
> --
> Met vriendelijke groet / with kind regards,
> Guus Sliepen <guus at tinc-vpn.org>
>
> _______________________________________________
> tinc mailing list
> tinc at tinc-vpn.org
> https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
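
Added example (not part of the original thread or of tinc itself): a shell function that generates the kernel NAT redirection described in Ivo's message as an iptables-restore ruleset, so the rule can be reviewed before it is loaded. It assumes tincd listens on 655 (tinc's default port) and that 443 is the extra TCP port; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: accept tinc meta connections on an extra TCP port by
# redirecting it to the port tincd listens on. UDP is left untouched.
# Assumption: tincd listens on 655 unless a second argument is given.

# Succeeds only for a plain decimal port number in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Usage: tinc_extra_tcp_port_rules EXTRA_TCP_PORT [TINC_PORT]
# Prints a nat-table ruleset on stdout; returns 1 on invalid input.
tinc_extra_tcp_port_rules() {
    extra_port=$1
    tinc_port=${2:-655}
    valid_port "$extra_port" || { echo "bad extra port: $extra_port" >&2; return 1; }
    valid_port "$tinc_port" || { echo "bad tinc port: $tinc_port" >&2; return 1; }
    if [ "$extra_port" -eq "$tinc_port" ]; then
        echo "extra port equals tinc port, nothing to redirect" >&2
        return 1
    fi
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
# Meta connections arriving on TCP $extra_port are handed to tincd on $tinc_port.
-A PREROUTING -p tcp -m tcp --dport $extra_port -j REDIRECT --to-ports $tinc_port
# Data packets are not rewritten and keep using the configured port.
COMMIT
EOF
}
```

Load the output with `tinc_extra_tcp_port_rules 443 | iptables-restore --noflush` as root; without `--noflush` the existing nat table is replaced.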